Changing the default superuser

You can change the default superuser from the default cassandra user.

By default, each installation of Cassandra includes a superuser account named cassandra whose password is also cassandra. Superuser permissions allow creation and deletion of other users, and the ability to grant or revoke permissions.
Note: Use the default cassandra user only to assist with initial setup of new users and superusers, and then delete it.
  • Logins for the cassandra user are performed with QUORUM consistency.

    Do not use the cassandra user in production, because QUORUM consistency has significant performance degradation for multiple data centers.

  • Logins for all other users are performed with LOCAL_ONE consistency.

Procedure

  1. Configure internal authentication if you have not already done so.
  2. Create another superuser, not named cassandra, using the CREATE USER command.
  3. Log in as that new superuser.
  4. Change the cassandra user password to something long and incomprehensible, and then forget about it. It won't be used again.
  5. Take away the cassandra user's superuser status.
  6. Now, that the superuser password is secure, set up user accounts and authorize users to access the database objects by using CQL to grant them permissions on those objects.

    CQL supports the following authentication statements: